…oller::TestCase#process
since ActionDispatch::Http::Parameters#encode_params will force encoding on all params strings (when using an encoding aware Ruby), dup all strings passed into process. This prevents modification of params passed in and, more importantly, doesn't barf when a frozen string is passed
thanks and high fives to kinsteronline

…ame."
This commit was actually correct. The first parameter in process_action
is not necessarily the same as the action_name. Use action_name to
retrieve the action instead.
This reverts commit 4e2bacd.

* 3-0-6:
bumping version to 3.0.6
updating CHANGELOG
updating CHANGELOG for actionpack
do not return html safe strings from auto_link
bumping to 3.0.6.rc2
Support both conventions for translations for namespaced models.
Added back the use of the Reflection module's cached sanitized_conditions in an AssociationProxy. This was recently removed and when a has_one association with conditions is eager loaded the conditions would be sanitized once for every result row, causing a database hit to fetch the columns.
Bring back i18n_key to avoid regression
Revert "Improve testing of cookies in functional tests:"
bumping version to 3.0.6.rc1
updating AR changelog

- cookies can be set using string or symbol keys
- cookies are preserved across calls to get, post, etc.
- cookie names and values are escaped
- cookies can be cleared using @request.cookies.clear
[#6272 state:resolved]

…nse always renders a nil response body. It now correctly renders the response body.
Note that only GET and HTTP 200 responses can be cached.
[#6480 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>

Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
X-CSRF-Token: ...
This fixes CVE-2011-0447

Commit: f0dbcc7a692bc375e3e52a9661af4037392ee52f
Useful for cases such as warden, where a block configuration is taken.
class SomeController < ApplicationController
use RailsWarden::Manager do |manager|
manager.default_strategies :facebook_oauth
manager.failure_app = SomeController.action(:authorize)
end
end

This information was lost in commit bd6b61b.
This might have been intentional, but this class does represent the starting
point for all things related to actions, and as such should document it.
I couldn't find any trace of this documentation, which seems like a waste.
Updated parts here and there to conform to current best practices.